Bug #101914 Contribution: Add support for VERIFY_CA and VERIFY_IDENTITY SslMode's
Submitted: 8 Dec 2020 15:42
Modified: 25 Feb 2021 14:19
Reporter: OCA Admin (OCA)
Status: Closed
Category: MySQL Server: Document Store: MySQL Shell
Severity: S3 (Non-critical)
OS: Any
CPU Architecture: Any

[8 Dec 2020 15:42] OCA Admin
Description:
This bug tracks a contribution by Daniël van Eeden (Github user: dveeden) as described in http://github.com/mysql/mysql-shell/pull/7

How to repeat:
See description

Suggested fix:
See contribution code attached
[8 Dec 2020 15:42] OCA Admin
Contribution submitted via Github - Add support for VERIFY_CA and VERIFY_IDENTITY SslMode's 
(*) Contribution by Daniël van Eeden (Github dveeden, mysql-shell/pull/7#issuecomment-740665533): I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: git_patch_534350026.txt (text/plain), 5.12 KiB.

[8 Dec 2020 16:41] MySQL Verification Team
Thank you for the contribution.
[25 Feb 2021 14:19] David Moss
Thank you for your feedback. This has been fixed in upcoming versions, and the following was added to the 8.0.24 change log:
The memberSslMode option did not support the VERIFY_CA and VERIFY_IDENTITY modes for the following operations:

dba.createCluster()

Cluster.addInstance()

Cluster.rejoinInstance()

Now, the memberSslMode option supports these modes, and when they are used there is a validation to ensure that the CA certificates are supplied. If you choose to use the VERIFY_CA or VERIFY_IDENTITY mode, on each cluster instance you must manually supply the CA certificates using the ssl_ca and/or ssl_capath option. For more information, see Securing your Cluster.

Thanks to Daniël van Eeden for the contribution.
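
The following pre-flight check is an added example, not part of the bug report or of MySQL Shell's own code. It applies the rule from the change log entry above (VERIFY_CA and VERIFY_IDENTITY need ssl_ca and/or ssl_capath on every instance) to values you have already read from each server; the function name, the input shape and the sample hosts are assumptions made for illustration.

```javascript
// Added example: check that every prospective cluster member has a CA
// configured before choosing memberSslMode VERIFY_CA or VERIFY_IDENTITY.

// Modes that require CA certificates on each instance, per the change log.
const CA_REQUIRED_MODES = new Set(["VERIFY_CA", "VERIFY_IDENTITY"]);
const KNOWN_MODES = new Set(["AUTO", "DISABLED", "REQUIRED", ...CA_REQUIRED_MODES]);

// True when a server variable holds a usable value (not NULL, not empty).
function isSet(value) {
  return typeof value === "string" && value.trim() !== "";
}

// instances: [{ address, ssl_ca, ssl_capath }], one entry per server, e.g.
// collected with: SELECT @@global.ssl_ca, @@global.ssl_capath
// Returns { ok, missing }, where missing lists members with no CA at all.
function checkMemberSslMode(memberSslMode, instances) {
  if (!KNOWN_MODES.has(memberSslMode)) {
    throw new Error(`Unknown memberSslMode: ${memberSslMode}`);
  }
  if (!CA_REQUIRED_MODES.has(memberSslMode)) {
    return { ok: true, missing: [] };
  }
  // Either ssl_ca or ssl_capath is enough; flag instances that have neither.
  const missing = instances
    .filter((i) => !isSet(i.ssl_ca) && !isSet(i.ssl_capath))
    .map((i) => i.address);
  return { ok: missing.length === 0, missing };
}

// Constructed sample data, not taken from a real cluster.
const sampleInstances = [
  { address: "db1.example.test:3306", ssl_ca: "/etc/mysql/ca.pem", ssl_capath: null },
  { address: "db2.example.test:3306", ssl_ca: "", ssl_capath: "/etc/mysql/ca.d" },
  { address: "db3.example.test:3306", ssl_ca: null, ssl_capath: "" },
];

console.log(checkMemberSslMode("VERIFY_IDENTITY", sampleInstances));
console.log(checkMemberSslMode("REQUIRED", sampleInstances));
```

An instance reported in `missing` needs ssl_ca or ssl_capath set before it is passed to dba.createCluster(), Cluster.addInstance() or Cluster.rejoinInstance() with one of the verifying modes.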